Field of the Invention
The present invention generally relates to securely processing customer account data, and more particularly to a system, computer program product, and method for securely interfacing card issuer databases with a client system tool.
Related Art
The proliferation of rogue programs such as viruses, trojan horses, and computer hackers, etc., places computing devices at risk. Customer account data which is stored, even temporarily, on a customer's computing device is potentially at risk due to these malicious entities. As a result, customers, merchants, and card issuers are reluctant to utilize tools which reside on a customer computing device and interface with sensitive customer account data.
Notwithstanding such environments, online shopping through customer computing devices is now just as common as in-store shopping. A payment transaction is typically performed by a customer through a personal computer connected to a public network such as the Internet. Typically, a customer, whether through the merchant's web site or a third party payment processing web site, manually enters his or her account information into fields on a web page to process the transaction. To avoid memorizing information, such as account numbers, and to avoid typing additional information used to make a purchase, some customers use customer account data storage programs. This permits the customer to avoid the tedious task of manually entering this information during each transaction. Such a program (or devices) is often referred to as a digital wallet or an e-wallet program.
A digital wallet program allows a customer to store information which can be automatically loaded into a merchant website form which is used to complete a transaction. While digital wallet programs remove the hassle associated with manually entering account information for each transaction, a user still is required to enter some information prior to their initial use.
One legitimate concern is that the information that is manually or automatically loaded at the customer's device can be exposed to rogue programs running on the customer's computing device. Even if the account data is ultimately stored in an encrypted form, the account data may also be exposed during data entry and prior to encryption by the digital wallet software. Accordingly, card issuers are reluctant to provide customer computing devices access to customer account data.
Communications between the customer's computing device and card issuer databases are typically encrypted. Once the customer account data is received by the customer computing device, however, the data is decrypted for use by the customer (e.g., viewing or storage) and may then be intercepted, snooped, or otherwise accessed by rogue programs running on the customer's device.
While customers are able to access recent transactions, payments, and statements through card issuer websites, these interfaces do not provide access to the customer account data required for transaction processing. For instance, typically only the last four digits of a credit card number will be displayed.
Given the foregoing, one technical challenge is to allow data, such as sensitive customer account data, to be transmitted to a computing device and decrypted within the receiving computing device such that the data is not exposed to malicious entities external or internal to the computing device.